Crafting a Data Breach Incident Response Plan for a Major Healthcare Technology Company

A major healthcare technology company, seeking to enhance its capability to respond to a cybersecurity incident, turned to Bryghtpath to develop and streamline its data breach incident response process within a dedicated plan aligned to its enterprise crisis management process.

A major healthcare technology company, seeking to enhance its capability to respond to a cybersecurity incident, turned to Bryghtpath to develop and streamline its cybersecurity (data breach) incident response process within a dedicated plan aligned to its enterprise process.

The Opportunity

For a healthcare technology company, cybersecurity incidents and technology disruptions are a primary concern throughout the organization. In addition, the company had just gone through an internal transformation that changed responsibility and reporting structures, along with changes to its legal and regulatory compliance obligations.

These concerns and operating changes led the Chief Compliance Officer to retain Bryghtpath to develop a new comprehensive cybersecurity incident response plan that aligned to the company’s enterprise crisis management plan.

Approach and Results

We began the effort with a kickoff meeting with the company’s physical and cybersecurity leaders. During the discovery phase, we reviewed existing documentation, including the then-current cybersecurity response plans and capabilities, as well as the company’s enterprise crisis management framework. Given our familiarity and long relationship with the company, we drafted an initial version of the revised plan that allowed for immediate reaction by stakeholders.

We then worked directly with the various partners to craft specific, actionable checklists for their areas of responsibility. These checklists clearly outlined the roles, responsibilities, and interdependencies for each team during a response.

We also worked with internal teams to clearly define engagement requirements and interactions with external resources, such as outside counsel, public relations firms, and other third-party providers.

After the plan revisions were completed, we facilitated a successful informal plan walkthrough exercise to both socialize the revised process and practice the fundamental procedures established within the plan.

A future exercise was also planned to stress the plan and respective processes.